How to get better security people
batz
batsy at vapour.net
Wed Apr 3 19:31:28 UTC 2002
On Wed, 3 Apr 2002, Avleen Vig wrote:
:Have a look at SAFE (url in sig).
:We detect smurf amplifiers and I'm currently looking at ways to export
:data to companies regarding large smurf amplifiers (>x250 amplification)
:who refuse to close after X number of warnings.
Yeah, that uses a bit more of the anti-spam model than a network
protection model. Aris takes IDS logs from subscriber sites,
normalizes them and generates stats (among other things). After
the data is normalized, they show emerging trends and anomalies.
An example of this would be if an attacker started scanning across
the Internet for ssh servers, this could trigger IDS's at multiple
sites, which would increase the profile of attackers ip addr.
What I was suggesting is that this data be cleaned and a list of
actively hostile hosts be distributed to subscribers for temporary
blockage, either by port filter, or blackholed by prefix on a reasonably
real-time basis.
--
batz
More information about the NANOG
mailing list